- The MAILING DATE of this communication appears on the cover sheet with the correspondence address
Period for Reply 

A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) FROM 
THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1.136(a). In no event, however, may a reply be timely filed
after SIX (6) MONTHS from the mailing date of this communication.

- If the period for reply specified above is less than thirty (30) days, a reply within the statutory minimum of thirty (30) days will be considered timely. 

- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 133). 
- Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any
earned patent term adjustment. See 37 CFR 1.704(b).

Status 

1) □ Responsive to communication(s) filed on .

2a) □ This action is FINAL. 2b) ☒ This action is non-final.

3) □ Since this application is in condition for allowance except for formal matters, prosecution as to the merits is
closed in accordance with the practice under Ex parte Quayle, 1935 C.D. 11, 453 O.G. 213.
Disposition of Claims 

4) ☒ Claim(s) 1-12 is/are pending in the application.

4a) Of the above claim(s) is/are withdrawn from consideration.

5) □ Claim(s) is/are allowed.

6) ☒ Claim(s) 1-12 is/are rejected.

7) □ Claim(s) is/are objected to.

8) □ Claim(s) are subject to restriction and/or election requirement.

Application Papers 

9) □ The specification is objected to by the Examiner.

10) □ The drawing(s) filed on is/are: a) □ accepted or b) □ objected to by the Examiner.

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1.85(a).

11) □ The proposed drawing correction filed on is: a) □ approved b) □ disapproved by the Examiner.

If approved, corrected drawings are required in reply to this Office action.

12) □ The oath or declaration is objected to by the Examiner.
Priority under 35 U.S.C. §§119 and 120 

13) □ Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 119(a)-(d) or (f).

a) □ All b) □ Some * c) □ None of:

1. □ Certified copies of the priority documents have been received.

2. □ Certified copies of the priority documents have been received in Application No. .

3. □ Copies of the certified copies of the priority documents have been received in this National Stage
application from the International Bureau (PCT Rule 17.2(a)).
* See the attached detailed Office action for a list of the certified copies not received.

14) □ Acknowledgment is made of a claim for domestic priority under 35 U.S.C. § 119(e) (to a provisional application).

a) □ The translation of the foreign language provisional application has been received.

15) □ Acknowledgment is made of a claim for domestic priority under 35 U.S.C. §§ 120 and/or 121.
2) □ Notice of Draftsperson's Patent Drawing Review (PTO-948)

3) □ Information Disclosure Statement(s) (PTO-1449) Paper No(s) .
5) □ Notice of Informal Patent Application (PTO-152)

6) □ Other:



U.S. Patent and Trademark Office 
PTO-326 (Rev. 04-01) 



Office Action Summary 



Part of Paper No. 3 



Application/Control Number: 09/588,801 
Art Unit: 2126 






DETAILED ACTION 
Claim Rejections - 35 USC § 102 

1. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that
form the basis for the rejections under this section made in this Office action:

A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 122(b), by
another filed in the United States before the invention by the applicant for patent or (2) a patent 
granted on an application for patent by another filed in the United States before the invention by the 
applicant for patent, except that an international application filed under the treaty defined in section 
351(a) shall have the effects for purposes of this subsection of an application filed in the United States 
only if the international application designated the United States and was published under Article 21(2) 
of such treaty in the English language. 

2. Claims 1, 2, 4-10 and 12 are rejected under 35 U.S.C. 102(e) as being
anticipated by U.S. Patent No. 6,381,639 to Thebaut.

As to claims 1 and 5, Thebaut teaches a computing system [network 18, Fig. 1; 
column 3, lines 20 - 30] wherein requests are in the form of encapsulated information 
[objects might be transmissions, where the attributes... are source Internet Protocol 
address, destination IP address, and service type; column 3, lines 20 - 38], controlling 
access to actions and objects within the computing system [actions are dependent on 
the application... may include permission or forbiddance of an operation on the network; 
column 3, lines 48 - 57], comprising: 

configuring selected domains on the computing system as configured domains 
[attaching configuration records to elements in the domain space to create configuration 
policies; column 6, lines 1 - 10], each one of the configured domains comprising a 
higher-order multidimensional domain space [an object inherits from its topological 
parent by reason of the pure hierarchical nature of topological domains; column 8, lines 
45 - 60], for segregating system operational functionality according to defined
operational boundaries [the domain space 12 consists of objects of interest in the
application, Fig. 1; column 3, lines 28 - 39], the operational boundaries defined by mapping
attributes of the requests into individual domains [policy is a rule attached to an object 
and has one or more attributes whose values can be set to any level within predefined 
boundaries; column 13, lines 30-37]; 

providing a master daemon [policy driver 116, Fig. 6; column 6, lines 1 -
10 and 57 - 67], the master daemon selecting the configured domains by utilizing the
attributes of the requests [select the rule that issues from the most specific domain 
element; column 4, lines 39 - 67]; 

performing at least one other defined action [Execute the action of each rule in 
the enforceable rule set; column 4, lines 20 - 30]; and 

wherein the subordinate daemons, the subordinate processes, the subordinate 
threads, and the other defined actions being constrained to operate within one of the 
configured domains at least as restrictive as the configured domain of the master 
daemon [policies inherited by users and end-stations from logical domain parents will 
apply to those users and end-stations regardless of the topological domain in which 
they are attached; column 8, lines 44 - 67]. As to causing the master daemon to 
perform at least one of the following actions: instantiating at least one daemon, 
instantiating at least one subordinate daemon, instantiating at least one process, 
instantiating at least one subordinate process, or instantiating at least one subordinate 
thread, Thebaut teaches instantiating at least one process [output of the policy driver 16 
is an action space 17 which generally brings about an enforcement of a policy in
network 18; column 3, lines 20 - 30].

As to claims 2 and 10, Thebaut teaches the master daemon controls functionality 
[function of the policy driver 116 is to monitor objects in the domain space 112 and to
enforce configuration policies 115, Fig. 6; column 6, lines 57 - 67] of all the instantiated 
daemons, subordinate daemons, processes [output of the policy driver 16 is an action 
space 17 which generally brings about an enforcement of a policy in network 18; 
column 3, lines 20-30], subordinate processes, subordinate threads and the defined 
actions on selected ones of the operating systems on computer systems connected to 
the network. 

As to claims 4 and 12, Thebaut teaches the selected domains are further defined
by at least one of a security label, a set of security labels, a lattice of security labels, a 
group of security labels, a range of security labels, a combination of collections of 
security labels, and other defined constructs [configuration is a set of particular values 
of attributes that govern the operational characteristics of a device (e.g., port thresholds, 
on/off switches, access, security, etc.); column 5, lines 40-47]. 

As to claim 6, Thebaut teaches at least one of the computing systems [network
management system 31, Fig. 3] is local to the master daemon [live network 30
communicates with a network management system 31, which in turn communicates
with a policy configuration management (PCM) system 32, Fig. 3; column 5, lines 20 -
35].

As to claims 7 and 8, Thebaut teaches at least one of the computing systems is
on the network and is remote from the master daemon [output of the driver is an action 
space 117 (ultimately sent to network 18 or to the network management system 31 in 
FIG. 3); column 6, lines 55 - 67]. 

As to claim 9, Thebaut teaches the step of causing the master daemon to 
respond to selected ones of the requests [policy driver for monitoring and enforcing 
configuration policies; column 6, lines 57 - 67] to perform a defined action on the 
remote computing system [Execute the action of each rule in the enforceable rule set; 
column 4, lines 20-30]. 

Claim Rejections - 35 USC § 103 

3. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all
obviousness rejections set forth in this Office action:

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

4. Claims 3 and 11 are rejected under 35 U.S.C. 103(a) as being unpatentable over
Thebaut in view of U.S. Patent No. 5,692,180 to Lee.

As to claims 3 and 11, Thebaut does not teach a master daemon that maintains
centralized and coordinated access to subsystems of the computing systems. 

However, Lee teaches a master daemon [cdslited 29] maintaining centralized 
and coordinated access [centralized mechanism] to subsystems of the computing 
systems [one daemon running the cell, called cdslited 29, which provides a centralized 
mechanism to access the namespace 30, Fig. 3; column 4, lines 30 - 40]. 

It would have been obvious to a person of ordinary skill in the art at the time
of the invention to apply the teaching of maintaining centralized and coordinated access
to subsystems of the computing systems as taught by Lee to the invention of Thebaut
because this allows one process to control the subsystems, simplifies state management,
and allows security administrators to centrally manage user and application
security-related attributes.

Conclusion 

5. The prior art made of record and not relied upon is considered pertinent to 
applicant's disclosure. 

U.S. Patent No. 5,889,953 to Thebaut teaches determining an enforceable policy
applicable to one or more network devices.

U.S. Patent No. 5,872,928 to Lewis teaches defining and enforcing policies for 
configuration management in communication networks. 

U.S. Patent No. 6,381,627 to Kwan teaches detecting multiple master DNS
server computers and handling multiple namespaces.

U.S. Patent No. 6,061,723 to Walker teaches network management event 
correlation in environments containing network elements. 

U.S. Patent Application Publication No. 2002/0169867 to Mann teaches remote 
management and maintenance of a node or service within a data communication 
network. 

6. Any inquiry concerning this communication or earlier communications from the
examiner should be directed to Li B. Zhen whose telephone number is (703) 305-3406. 
The examiner can normally be reached on Mon - Fri, 8am - 4:30pm. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, John A. Follansbee can be reached on (703) 305-8498. The fax phone 
numbers for the organization where this application or proceeding is assigned are (703) 
746-7239 for regular communications and (703) 746-7238 for After Final 
communications. 

Any inquiry of a general nature or relating to the status of this application or
proceeding should be directed to the receptionist whose telephone number is
(703) 305-3900.




Li B. Zhen 
Examiner 
Art Unit 2126 



lbz

August 8, 2003 